10+ answers to your questions about IPv6

Michael Kassner recently asked TechRepublic members to share their questions about IPv6, promising to submit them to the experts at ARIN and Command Information. Both groups graciously responded, providing the following in-depth answers.

Michael Kassner recently asked TechRepublic members to share their questions about IPv6, promising to submit them to the experts at ARIN and Command Information. Both groups graciously responded, providing the following in-depth answers.

#1: Can you provide a simple overview of IPv6 and the differences between it and IPv4?

(Answer by ARIN)

Internet Protocol is a set of technical rules that define how computers communicate over a network. There are currently two versions: IP version 4 (IPv4) and IP version 6 (IPv6).

IPv4 was the first version of Internet Protocol to be widely used and still accounts for most of today's Internet traffic. There are just over 4 billion IPv4 addresses. While that is a lot of IP addresses, it is not enough to last forever.

IPv6 is a newer numbering system to replace IPv4. It was deployed in 1999 and provides far more IP addresses, which should meet the need well into the future.

The major difference between IPv4 and IPv6 is the number of IP addresses. Although there are slightly more than 4 billion IPv4 addresses, there are more than 16 billion-billion IPv6 addresses.

Internet Protocol version 4 (IPv4)

Internet Protocol version 6 (IPv6)

Deployed

1981

1999

Address size

32-bit number

128-bit number

Address format

Dotted aecimal notation:192.168.0.202

Hexadecimal notation:3FFE:0400:2807:8AC9::/64

Number of addresses

2^32

2^128

#2: IPv4 and IPv6 coexistence — what does that mean?

(Answer by ARIN)

The technical functioning of the Internet remains the same in both versions and it is likely that both versions will continue to operate simultaneously on networks well into the future. To date, most networks that use IPv6 support both IPv4 and IPv6 addresses in their networks.

It is important for all organizations to consider the adoption of IPv6 for their Internet services over the next couple of years, but it is also important to know that IPv4 is not going away. IPv4 and IPv6 will coexist on the Internet for many years. Although it is necessary to make certain services like Web sites and e-mail available over the IPv6 network, it is not necessary to replace the already deployed IPv4 infrastructure. The transition from IPv4 to IPv6 will happen over the course of many years, with both protocols working together on the Internet. Much of the IPv4 deployed infrastructure may continue to work on the Internet for years to come.

#3: What will happen with older machines? What devices support IPv6? What Microsoft operating systems support IPv6?

(Answer by Command Information)

It is very difficult to generalize answers for questions like this. By older machines, I would assume we are talking about desktop machines. Some level of IPv6 support can be found (not necessarily through Microsoft) for all Windows systems from 95 through Vista, including Windows NT. However, the level of support will vary greatly. It should be noted that Windows XP, Vista, and Mobile all ship capable of running IPv6. Vista and Windows Mobile default to having IPv6 turned on, but the user has to turn it on in XP. As for what devices support IPv6 — the device world is large; check with your device vendor for details.

#4: What about having IPv6 perimeter IP addresses and IPv4 IP addresses on the internal network?

(Answer by ARIN)

ARIN asks organizations to consider "dual-stacking" IPv4 and IPv6 so they can continue to communicate with IPv4 portions of the Internet, yet be able to communicate with the new and soon-to-expand IPv6 portions. ARIN advises organizations to begin by deciding what makes their routers, DNS, Web servers, and mail servers compatible with IPv6.

The level of effort to make Web site, e-mail, and other communication services available via IPv6 will be different for each organization. It will depend greatly on how the network is set up and what services are deployed. Here are some examples.

Some business entities host and manage their own Web sites and e-mail services at their own facilities. These companies will need to update the public-facing portion of their networks and servers so they are dual-stacked. This involves work at their own facility and coordinating with their service provider(s) to ensure some form of IPv6 connectivity is available.

Some business entities use a service provider or contractor to host and manage their Web sites and e-mail services. These companies will need to contact their service provider(s) or contractor(s) and state their requirement that their services be available over both IPv4 and IPv6.

Some business entities are Internet service providers themselves. These companies will need to update their infrastructure so that it includes connectivity to the Internet using IPv6.

Individual users may not have Web sites of their own, but they do visit other sites and communicate via e-mail over the Internet. Individual users will rely on their ISPs to ensure proper updates have been made so they can still see and communicate with the entire Internet, including both IPv4 and IPv6.

Organizations may also establish protocol translation services for their network, allowing clients using one version of the protocol to interact with content on the Internet using the other version.

#5: How does IPv6 addressing work? Explain IPv6 IP address shorthand.

(Answer by Command Information)

In general, an IPv6 address is made up of eight 4-character hexadecimal chunks, each separated by a colon. For example, 2001:0db8:0049:0000:ab00:0000:0000:0102 is a full IPv6 address. The first four chunks (64 bits) of the address identify the network portion of the address, referred to as the "network prefix." Because IPv6 addresses are hierarchical, the network prefix identifies the organization, service provider, and other elements of distribution. The last four chunks (64 bits) compose the interface ID, a unique identifier that is often created using a device's MAC address.

Because a full address as shown above can be cumbersome, addresses can be compressed via two easy steps. First, all leading zeros within a given chunk can be eliminated. For the above address this would reduce the address to 2001:db8:49:0:ab00:0:0:102. Additionally, once per address (and only once; otherwise, you'd risk ambiguous addresses), any number of consecutive, all-zero chunks can be replaced by a double colon, making the most compressed form of the above address 2001:db8:49:0:ab00::102.

#6: Do IPv6-ready firewalls actually work?

(Answer by Command Information)

Yes, there are IPv6-capable firewalls, and they work just like any other firewall. The key when evaluating a firewall for compatibility is to make note of who is saying the device is capable. The vendor can say its device is IPv6 compatible, but what "compatible" means is up to the vendor to say. "IPv6 Ready" is a standard set forth by the IPv6 Forum and offers vendors a chance for their devices (of all kinds, not just firewalls) to be tested and certified to either silver or gold standards.

The Joint Interoperability Test Command (JITC) offers a more stringent testing and certification. NIST will offer a certification in the future, but does not actually have testing laboratories available at this point. Whenever we talk about firewalls, though, it goes without saying that whatever the performance of the device, unless the rules it operates under are sound, the device is not sound.

#7: Will common networking tools such as Ping work with IPv6?

(Answer by Command Information)

Yes. Depending on your platform, some might be slightly renamed (and/or protocol specific), such as "ping6," but the essential, everyday, screwdriver/hammer-type tools like ping, traceroute, and telnet are present for IPv6.

#8: How does DHCPv6 work? How is it different from DHCPv4?

(Answer by Command Information)

Stateless Auto Configuration was originally designed to eliminate the need for DHCP in IPv6, and is in fact the default address assignment method in almost all host operating systems. However, some enterprises will feel the need to control their address allotments more tightly, and DHCPv6 was developed for this reason. Stateful DHCPv6 works, from a functional standpoint, very similarly to its v4 counterpart. The function of the protocol is to provide addressing and other useful information, such as the address of a DNS server. From an operation point of view, DHCP does have some differences, such as the use of multicast instead of broadcast and the ability to assign multiple addresses to a client. DHCPv6 also has two other modes of operation in addition to Stateful - Stateless and Prefix Delegation.

#9: How does DNSv6 work? How is it different from DNSv4?

(Answer by Command Information)

DNS (there is no "DNSv6" protocol) continues to operate as the default, Internet-wide name resolution service — simply with a new record type and a new transport option. The new record type is AAAA (referred to a "quad A"), and the new transport — of course — is IPv6. From a logistics standpoint, DNS works just like it always has. If a host supports only IPv4, it works as it always has — asking for A records. If a host supports IPv6 only, it asks for AAAA records only. If a host supports both (and believes it has both transports available), it asks for both.

#10: How are packets fragmented in IPv6 and how does that compare to IPv4?

(Answer by Command Information)

Fragmentation has been completely rethought in IPv6. When different networks were joined together in the dawning of the Internet, the job of fragmentation was given to the entry points (routers) that connected different networks or segments. Since some had smaller maximum transmission units (MTUs) than others, it made sense that they be able to break the packets down when they reached the entry points, because network reliability and throughput were at a premium. In IPv6, it is the role of the sending node to handle fragmentation. Because fragmentation is done by the sending node and not in transit, load on routers is reduced and they can return to the job they were built for — passing packets to the next hop.

#11: What really happens to my company Internet access if it or my ISP network doesn't transition in time?

(Answer by ARIN)

Without a dual-stacked network or deployed protocol translation services, an individual user gaining Internet access for the first time from an IPv6-only ISP may not be able to access the Web sites or mail servers for organizations that operate IPv4-only networks.

There are implications to not adopting IPv6. These implications become evident as wide-scale deployment of IPv6 accelerates. Not adopting IPv6 may cause the following types of issues for the various types of Internet users.

Individual Users: Individual users may not be able to view Web sites and communicate with certain destinations. Many individuals use the Internet to communicate with distant friends and family, research medical issues, and participate in group discussions among other things.

Enterprise Organizations: Enterprise organizations and corporations may not be able to communicate with certain critical government resources, clients, and potential customers. E-mail is a critical form of communication for most enterprise organizations today and their Web sites are vitally important resources for them to communicate with the public.

Governments: Governments may lose their ability to see and communicate with the "whole Internet." Access to information is critical for governments. There also may be an inability for citizens and other Internet users to access information about the government and communicate over the Internet with government agencies.

Service Providers: Organizations that provide services over the Internet may experience customer and/or revenue losses if they do not update their offerings to include IPv6. Customers will expect to be able to communicate with everyone else on the Internet and may seek out other ways to do that if their current service provider is not capable.

#12: Is there some kind of a timeline for ISPs and backbone networks to implement IPv6 if it's not already in place? When do I need to start the change over process?

(Answer by ARIN)

Within the next few years, once the regional Internet registries (RIRs) run out of large blocks of IPv4 address space, organizations that require larger contiguous blocks of address space will be able to receive them only in IPv6. Contiguous blocks of IP address space are necessary for activities like building out new large networks and adding new customers to existing Internet service providers' networks.

Even organizations that have enough IPv4 address space and continue to operate their IPv4 networks will still need to implement IPv6 on their networks. Today, some people are voluntarily attempting to reach mail and Web servers via IPv6 connections to the Internet. Once the RIRs have no large blocks of IPv4 address space remaining and start allocating IPv6-only blocks to ISPs and other large networks, some people will have to use IPv6 to reach the Internet.

Therefore, any organization that has a Web site and communicates via e-mail will need to take steps to ensure those services are visible over both the IPv4 and IPv6 networks. The IPv4 network will allow continued communications with the legacy Internet, and the IPv6 network will allow Web site and e-mail communications to be visible for individuals connecting to the Internet using IPv6 only. When services are available over both IPv4 and IPv6, it's referred to as "dual-stacked."

The decision of when to make a network IPv6 capable is up to each organization, but every effort should be employed to begin planning and preparing for the transition as soon as possible.

As the free pool of available IPv4 addresses diminishes over the next couple of years, Internet service providers will begin to deploy services to customers using IPv6 only. When this occurs, there will be an IPv6-only portion of the Internet that begins to grow. For mutual communications to occur between an organization's Web site, e-mail, and other communication services and individuals who are part of this IPv6- only portion of the Internet, the organization will need to first make services IPv6 capable.

It is not possible to accurately predict the exact rate at which the Internet will continue to grow, and even less possible to predict what portion of that growth will be IPv6 only. It is possible to imagine, though, that Internet growth will continue at a rapid rate. And with that rapid growth will come many individuals who are connected to the Internet using IPv6. Within one year past the point of IPv4 free pool depletion and wide-scale IPv6 deployment, perhaps 2% of users will be on the IPv6-only portion of the Internet. After two years, maybe 4%. After five years, a much larger percentage. Each organization will have to decide when it is time to adopt IPv6. If it decides it must be ready to communicate with the IPv6-only portion of the Internet before it begins to grow, the time to act is now.

Online resources for IPv6 from the experts

ARIN hosts an IPv6 Wiki. This site is intended to facilitate discussion and information-sharing on IPv6 topics and issues. More information about IPv6, including general educational materials, specific registration services information, and contact information, is available at this ARIN v6 link.

Final thoughts

I would like to thank everyone at ARIN and Command Information for providing answers to TechRepublic members' questions. I especially want to thank Megan Kruse of ARIN and Patrick Bowman of Command Information for pulling the information together and making this article possible.

Michael Kassner has been involved with communications for 40-plus years, starting with amateur radio (K0PBX). He now works as a network field engineer for Orange Business Services and as a consultant with MKassner Net. Current certifications include Cisco ESTQ Field Engineer, CWNA, and CWSP.